beautypg.com

Cisco 3.3 User Manual

Page 809

background image

F-23

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Appendix F RDBMS Synchronization Import Definitions

Action Codes

174

ADD_IOS_
COMMAND

UN|GN,
VN, V1

Authorizes the given Cisco IOS command and
determines if any arguments given to the command
are to be found in a defined set or are not to be found
in a defined set. The defined set is created using
Actions 176 and 177:

GN = "Group 1"

VN = "telnet"

V1 = "permit"

or

UN = "fred"

VN = "configure"

V1 = "deny"

The first example permits the Telnet command to be
authorized for users of Group 1. Any arguments can
be supplied to the Telnet command as long as they are
not matched against any arguments defined via Action
176.

The second example permits the configure command
to be authorized for user fred, but only if the
arguments supplied are permitted by the filter defined
by a series of Action 176.

175

REMOVE_IOS_
COMMAND

UN|GN,
VN

Removes command authorization for the user or
group:

GN = "Group 1"

VN = "telnet"

or

UN = "fred"

VN = "configure"

Users of Group 1 can no longer use the Cisco IOS
telnet command.

User fred can no longer use the configure command.

Table F-5

Action Codes for Modifying TACACS+ and RADIUS Group and User Settings (continued)

Action
Code

Name

Required

Description